Paige Thompson, 33, a former Amazon employee, was caught by authorities after leaving an extensive digital footprint of her alleged crime on the Internet, including boasting about it in online posts, authorities said. She’s now charged with one count of computer fraud and abuse.
Capital One said Monday that Thompson – who according to an FBI complaint also goes by the handle “erratic” – got information including credit scores and balances plus the Social Security numbers of about 140,000 customers, the bank said.
The breach in total affected about 100 million people in the U.S. and 6 million in Canada. The bank will offer free credit monitoring services to those affected.
Prosecutors claim that Thompson knew she could soon get caught. More than six weeks before her Monday arrest, she discussed the alleged hack online with friends in chats and in a group she created on the Slack platform.
Friends and associates told the Associated Press that while Thompson was a skilled programmer she was struggling to get a footing and thought the alleged hack could bring her notoriety, fame and even a new job.
She also suffered from depression and said online that her transitioning to a woman since age 22 may have contributed to her mental health problems.
“She had a habit of openly struggling with her state of mind in public channels,” said Aife Dunne, an online friend. “It’s where her screen name comes from.”
Thompson most recently worked at Amazon Web Services, a division that hosted the Capital One data she allegedly accessed illegally beginning in March.
After leaving that job in 2016, she lost her apartment and moved into a group home. FBI agents who searched the house also detained the owner for illegal possession of firearms when they discovered roughly 20 guns, including assault rifles, on the property.
In a Wednesday court filing, federal authorities also said Thompson threatened to “shoot up” a California social media company, though they didn’t name the target.
Investigators say they verified Thompson’s online persona after she posted a photo of an invoice she had gotten from a veterinarian looking after one of her pets.
The bank said the most of the hacked data consists of information supplied by consumers and small businesses who applied for credit cards between 2005 and early 2019. The data also expose phone numbers, email addresses, dates of birth and self-reported income.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Capital One CEO Richard D. Fairbank said. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
The Associated Press contributed to this report.